raccoon | a1bd10dc14bf9edc3d4563c86d556a051d9a394fdcab91343b071f269aae2912 | Triage

Sharing

General

Target

a1bd10dc14bf9edc3d4563c86d556a051d9a394fdcab91343b071f269aae2912
Size

422KB
Sample

211207-nkpdvaghfq
MD5

b559cacdc4a0fec2dfd132419a19ed68
SHA1

6d5bb0ad0ec8091d1196a44aca8f8b071c895265
SHA256

a1bd10dc14bf9edc3d4563c86d556a051d9a394fdcab91343b071f269aae2912
SHA512

5b4264c570a68d73f9091783a0a033145a3892fa986d999a6afae0b400750bc4d1d3c1f3b1a270e4c2c6ec644ae210bfb0135352d5cbfc6508bd6aaba5bab374

Score

10^/10

raccoon a2337059abb40b184e621b38e62ace3e1a158d50 stealer

Malware Config

Extracted

Family

raccoon

Version

1.8.3-hotfix

Botnet

a2337059abb40b184e621b38e62ace3e1a158d50

Attributes

url4cnc
http://94.158.245.137/papatikmikr03
http://91.219.236.27/papatikmikr03
http://94.158.245.167/papatikmikr03
http://185.163.204.216/papatikmikr03
http://185.225.19.238/papatikmikr03
http://185.163.204.218/papatikmikr03
https://t.me/papatikmikr03

rc4.plain

rc4.plain

Targets

- Target
  
  a1bd10dc14bf9edc3d4563c86d556a051d9a394fdcab91343b071f269aae2912
- Size
  
  422KB
- MD5
  
  b559cacdc4a0fec2dfd132419a19ed68
- SHA1
  
  6d5bb0ad0ec8091d1196a44aca8f8b071c895265
- SHA256
  
  a1bd10dc14bf9edc3d4563c86d556a051d9a394fdcab91343b071f269aae2912
- SHA512
  
  5b4264c570a68d73f9091783a0a033145a3892fa986d999a6afae0b400750bc4d1d3c1f3b1a270e4c2c6ec644ae210bfb0135352d5cbfc6508bd6aaba5bab374
Score

10^/10

raccoon a2337059abb40b184e621b38e62ace3e1a158d50 stealer
- Raccoon
  Simple but powerful infostealer which was very active in 2019.
  stealer raccoon
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

raccoona2337059abb40b184e621b38e62ace3e1a158d50stealer